Chapter 10: Securing APIs

In this chapter, we learn how to secure your API. API security consists of three key elements: identity, access control, and encryption. We’ll explore each one in turn and then focus on a solution for implementing each of them in a direct way.

After we review the security basics, we’ll dive into implementing them via standards called OpenAuth (OAuth)[76] and JSON Web Token (JWT).[77] OAuth is a protocol for requesting and sharing access control information for a particular user or machine. JWT is a standard way of representing access control in the form of a token. When used together, you can easily add security features ...
